
Saturday July 31, 2004 (02:31 PM GMT)

DEFCON 12, LAS VEGAS, NEVADA -- As the Blackhat Briefings were ending on Thursday,
people were already gathering a few miles away for DEFCON, the older
sibling in this family of security conferences. Not only are both shows
put on by the same people, some of the speakers and many of the
attendees do both shows as well. DEFCON is the larger of the two,
probably twice the size of the Blackhat Briefings. There are other
differences: It's less formal, less organized, and it has a lot more
'tude.

Legions of black t-shirted hackers, wannabes, and security folk were turned
away at the door at DEFCON's opening presentations Friday afternoon. A
new "arrangement" with the fire marshal was cited as the reason. The
good news is the presentation rooms are not packed like sardines this
year. The bad news is that more people than ever -- who have paid good
money for the privilege of attending -- are being turned away from
sessions they've been waiting to see. They say that if you have a room
at the hotel, you can watch the sessions on TV. But rooms for DEFCON at
the Alexis Park have been sold out since March. DEFCON has outgrown its
host.

While the largest single segment of attendees at
Blackhat appeared to be those involved in network security for various
federal agencies -- whether employees or contractors -- the percentage
of overt Feds at DEFCON is much smaller. Those I've seen are holdovers
from Blackhat. Almost everyone at DEFCON wears black. There are a lot
more body piercings at DEFCON than at Blackhat. Ditto for brightly
colored and/or extreme hairdos.

Members of the press are given a full page of
instructions on what can and cannot be done. No photographs of the
crowds, no pictures or recordings of anyone without their explicit
permission, be they presenters or attendees. Those who do not abide by
the rules will be thrown out by one or more of the volunteer staff
members known as "goons."

And speaking of the press, if you were like me and
unsuccessful in getting into an opening day session, the press room was
the next best place to be. That is, if you ignored the whining about
everyone having to share a single ethernet connection since the press
room hub had been commandeered for the speakers room, no television
with which to watch the presentations, and the fact that there was only
a single phone line and phone.

It was in the press room that I met an interesting
young man named John Hering. John and his crew were at DEFCON to do a
presentation on Bluesnarfing, showing off their top secret "Bluetooth
Snarfer Gun" which may be capable of snarfing Bluetooth sessions from
as far as a mile away. John is also heavily involved in a project
called "Wire Iraq." The goal is to provide a secure wireless
infrastructure in Iraq so that American servicemen can chat and have
video conferences with their loved ones back home, without having to
wait in line at select locations for the privilege. More on this story
later.

It was also in the press room that a young lawyer
popped his head in. He was looking for a reporter who had told him he
might be able to help with research on cases similar to the one he is
currently doing. It seems he is representing a woman in Florida who has
been charged with installing spyware on her ex-husband's and his
girlfriend's PCs and then publishing information about them on the
Internet.

You might recognize the lawyer's name: Dario D. Diaz.
He gave a presentation at DEFCON in 2001 -- the year the FBI, whose top
priority was to act as Adobe's private IP police instead of looking for
terrorists, arrested an innocent Russian programmer named Dmitry Sklyarov.
Diaz offered to represent Sklyarov pro bono immediately after the
arrest, but even though he was acting as Sklyarov's lawyer, the FBI refused
to tell him where Dmitry was being held. Diaz said he believes Attorney General Ashcroft
was eager to play with his new law (the DMCA) the same way a geek would
want to play with a shiny new piece of hardware.